This article describes how to determine the resultant Windows 2000 computer security policy.
- Start MMC and add the Security Configuration and Analysis snap-in.
- Right-click Security Configuration and Analysis under Console Root in the left pane, and then click Open Database.
- Type any database name (for example, Testdb).
- When you are prompted to select an import template, choose the appropriate .inf template. For a domain controller, choose Basicdc.inf; for a server, choose Basicsv.inf; for a workstation, choose Basicwk.inf. When you choose the Basicdc.inf template (for a domain controller), you may receive an error message. Ignore the error message and continue.
For additional information about this error message, click the article number below to view the article in the Microsoft Knowledge Base:250454 Error Returned Importing the BASICDC Security Template
- Right-click Security Configuration and Analysis under Console Root in the left pane, and then click Analyze Computer Now.
- The Perform Analysis dialog box prompts you for path for the Error log. Accept the default or choose the appropriate path.
- The analyzer checks these items: User Rights Assignment, Restricted Groups, Registry, File System, System Services, and Security Policy. This process may take several minutes.
Expanding these items displays the underlying system settings. When you are viewing a branch or subbranch, the right pane (the Details pane) displays several columns. The first column indicates the name of the individual policy in the analysis results. For Account Policies, Local Policies, and Event Log, the second column indicates the security value in your template. The third column indicates the current security level in the system analyzed. For the remaining types of policies, the second and third columns represent comparison results specific to the type of policy.
In any type of policy, a red X indicates a difference from the base configuration. A green check mark indicates consistency with the base configuration. No icon indicates that the security attribute was not included in your template, and is therefore not analyzed.
Note that this analysis is static and only accurately reflects the settings that exist at the time of the analysis. Changes in the security settings are not displayed in the analysis until you perform a new analysis.
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
Article ID: 258595 - Last Review: Feb 27, 2007 - Revision: 1